
Microsoft Exchange SSRF Vulnerability Exposed — PoC Exploit Now Public

HawkTrace reveals high-severity SSRF flaw CVE-2026-45504 in Microsoft Exchange. Patch urgently to prevent unauthorized file access.
Content Team

Security researchers at HawkTrace have disclosed a high-severity SSRF vulnerability in Microsoft Exchange, tracked as CVE-2026-45504 with a CVSS score of 8.8. The flaw lets authenticated low-privileged users read arbitrary files from on-premises Exchange servers — think credentials, config files, and internal service data.

The attack exploits how Exchange handles attachment previews via its OneDriveProUtilities component, passing user-controlled URLs into HTTP requests without proper validation. A simple file:// URI with a fragment character (#) bypasses protections entirely.

A working PoC is now live on GitHub, making patching urgent. Organizations should apply Microsoft's updates and block Exchange from reaching untrusted external endpoints immediately.
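One defensive pattern for the class of flaw described above, as an added example (not code from HawkTrace, Microsoft, or the original article): decide on the parsed URL rather than on the raw string, allow only `https` to an allowlisted host, and fetch the rebuilt URL with the fragment dropped. The host name, function names, and sample inputs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumption: the only hosts the preview fetcher may contact (placeholder name).
ALLOWED_HOSTS = {"files.sharepoint.example"}


def validate_preview_url(raw: str) -> str:
    """Return the canonical URL that is safe to fetch, or raise ValueError."""
    # Reject whitespace, control characters and backslashes before parsing,
    # since URL parsers disagree on how to treat them.
    if any(ord(c) < 0x21 or ord(c) == 0x7F or c == "\\" for c in raw):
        raise ValueError("illegal character in URL")
    parts = urlsplit(raw)
    # Decide on the parsed scheme, never on a prefix or suffix of the string.
    if parts.scheme != "https":
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo not allowed")
    host = (parts.hostname or "").rstrip(".")
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"host not allowed: {host!r}")
    if parts.port not in (None, 443):  # .port raises ValueError if malformed
        raise ValueError("port not allowed")
    # Rebuild from the validated components and drop the fragment, so the
    # string handed to the HTTP client is exactly what was checked.
    return urlunsplit(("https", host, parts.path or "/", parts.query, ""))


# Constructed sample inputs, not taken from the PoC or the article.
SAMPLES = [
    "https://files.sharepoint.example/docs/report.docx#page=2",
    "file:///placeholder/path.txt#.docx",
    "http://files.sharepoint.example/docs/report.docx",
    "https://files.sharepoint.example@internal.example/x",
    "https://files.sharepoint.example:8443/x",
]


def classify(samples=SAMPLES):
    """Map each sample to the canonical URL, or to None when rejected."""
    out = {}
    for s in samples:
        try:
            out[s] = validate_preview_url(s)
        except ValueError:
            out[s] = None
    return out
```

The HTTP client that fetches the returned URL should also refuse redirects or re-validate every hop, otherwise an allowed host can still hand the request off elsewhere.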

Source: Cybersecurity News
